Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BPFSniffer ¶
type BPFSniffer struct {
// contains filtered or unexported fields
}
BPFSniffer is a struct used to track state of a BSD BPF ethernet sniffer such that gopacket's PacketDataSource interface is implemented.
func NewBPFSniffer ¶
func NewBPFSniffer(iface string, options *Options) (*BPFSniffer, error)
NewBPFSniffer is used to create BSD-only BPF ethernet sniffer iface is the network interface device name that you wish to sniff options can set to nil in order to utilize default values for everything. Each field of Options also have a default setting if left unspecified by the user's custome Options struct.
func (*BPFSniffer) Close ¶
func (b *BPFSniffer) Close() error
Close is used to close the file-descriptor of the BPF device file.
func (*BPFSniffer) GetReadBufLen ¶
func (b *BPFSniffer) GetReadBufLen() int
GetReadBufLen returns the BPF read buffer length
func (*BPFSniffer) ReadPacketData ¶
func (b *BPFSniffer) ReadPacketData() ([]byte, gopacket.CaptureInfo, error)
type Options ¶
type Options struct {
// BPFDeviceName is name of the bpf device to use for sniffing
// the network device. The default value of BPFDeviceName is empty string
// which causes the first available BPF device file /dev/bpfX to be used.
BPFDeviceName string
// ReadBufLen specifies the size of the buffer used to read packets
// off the wire such that multiple packets are buffered with each read syscall.
// Note that an individual packet larger than the buffer size is necessarily truncated.
// A larger buffer should increase performance because fewer read syscalls would be made.
// If zero is used, the system's default buffer length will be used which depending on the
// system may default to 4096 bytes which is not big enough to accomodate some link layers
// such as WLAN (802.11).
// ReadBufLen defaults to 32767... however typical BSD manual pages for BPF indicate that
// if the requested buffer size cannot be accommodated, the closest allowable size will be
// set and returned... hence our GetReadBufLen method.
ReadBufLen int
// Timeout is the length of time to wait before timing out on a read request.
// Timeout defaults to nil which means no timeout is used.
Timeout *syscall.Timeval
// Promisc is set to true for promiscuous mode ethernet sniffing.
// Promisc defaults to true.
Promisc bool
// Immediate is set to true to make our read requests return as soon as a packet becomes available.
// Otherwise, a read will block until either the kernel buffer becomes full or a timeout occurs.
// The default is true.
Immediate bool
// PreserveLinkAddr is set to false if the link level source address should be filled in automatically
// by the interface output routine. Set to true if the link level source address will be written,
// as provided, to the wire.
// The default is true.
PreserveLinkAddr bool
}
Options is used to configure various properties of the BPF sniffer. Default values are used when a nil Options pointer is passed to NewBPFSniffer.
Source Files